ESET Research at RSA Conference 2021: Android stalkerware on the rise

Next story

Stalkerware vulnerabilities endanger both victims and stalkers.


BRATISLAVA – Mobile stalkerware, which is software silently installed by stalkers onto victims’ mobile devices without their knowledge, is on the rise, ESET Research finds. In 2019, ESET telemetry recorded almost five times more Android stalkerware detections than in 2018, and in 2020, almost 1.5 times more were recorded than in 2019. In addition, ESET Research has discovered serious vulnerabilities in Android stalkerware apps and their monitoring servers that could result in serious user impact if exploited. “Security: The Hidden Cost of Android Stalkerware” will be presented today, 17th May 2021, by ESET researcher Lukáš Štefanko from 6.20pm to 7pm GMT.

For stalkerware vendors, to stay under the radar and avoid being flagged as stalkerware, their apps are in many cases promoted as providing protection to children, employees, or women, yet the word ‘spy’ is used many times on their websites. “Searching for these tools online isn’t difficult at all; you don’t have to browse underground websites,” explains Štefanko.

ESET researchers manually analysed 86 stalkerware apps for the Android platform, provided by 86 different vendors. This analysis identified many serious security and privacy issues that could result in a third party – an attacker – taking control of a victim’s device, taking over a stalker’s account, intercepting a victim’s data, framing a victim by uploading fabricated evidence, or achieving remote code execution on a victim’s smartphone. Across 58 of these Android applications, ESET discovered a total of 158 security and privacy issues that can have a serious impact on a victim; indeed, even the stalker or the app’s vendor may be at some risk.

Among the most prevalent issues were insecure transmission of users’ personally identifiable information; storage of sensitive information on external media; exposure of sensitive user information to unauthorised users; server leak of stalkerware client information; and unauthorised data transmission from device to server.

“Following our 90-day coordinated vulnerability disclosure policy, we repeatedly reported these issues to the affected vendors. Unfortunately, to this day, only six vendors have fixed the issues we reported in their apps,” says Štefanko.

For more technical details about ESET’s analysis of Android stalkerware, read the blogpost “Android stalkerware threatens victims further and exposes snoopers themselves” and the white paper on WeLiveSecurity. Make sure to follow ESET Research on Twitter for the latest news from ESET Research.


 Based on our detection telementry, usage of Android stalkerware is increasing


About ESET 
For more than 30 years, ESET® has been developing industry-leading IT security software and services to protect businesses, critical infrastructure and consumers worldwide from increasingly sophisticated digital threats. From endpoint and mobile security to endpoint detection and response, as well as encryption and multi-factor authentication, ESET’s high-performing, easy-to-use solutions unobtrusively protect and monitor 24/7, updating defences in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company that enables the safe use of technology. This is backed by ESET’s R&D centres worldwide, working in support of our shared future. For more information, visit our website or follow us on LinkedInFacebook, and Twitter.